
Alert Management

Learn how to configure alert settings and best practices for managing alerts.

Settings for Alerting

Alerting allows you to determine where messages regarding policy violations are sent.
To change the alerting settings, navigate to the Settings tab of the Slack view in the Nightfall console. These settings are available for both Slack Pro and Slack Enterprise customers.
Alert messages for policy violations are sent to the #nightfall-alerts-slack channel.
Similarly, for messages that are quarantined, an alert is sent to the #nightfall-quarantine-slack channel. The content of the quarantined messages is sent to the #nightfall-content-slack channel.
For Slack alerts, you may also configure alerts to be sent to an email address as well as to webhook endpoints.
Sending Slack alerts to a webhook endpoint also allows for integration with, and ingestion by, other security tools, such as a SIEM or a SOAR.
For more information on how to use webhook endpoints to integrate with security tools, please refer to the article below:

Best Practices for Managing Alerts

Please follow the workflow illustrated below to understand the best practice for managing Nightfall Alerts for Slack.
For Slack alerts, whether the data is sensitive should dictate the next action taken on the alert. For example, if the data is determined to be sensitive, the user should be notified and the message should be deleted. Conversely, if it is determined to be sensitive data but is still expected test data, it should simply be acknowledged, and the message can be redacted. The workflow below provides some insight into the steps to take once an alert is received.
Slack Alert Management Workflow